[erlang-questions] asn1 and the new ssl module
Jakob Cederlund
jakob@REDACTED
Fri Feb 22 15:33:23 CET 2008
Hmm, I did something wrong here, I should of course skip the tag first.
Please try the following change to ssl_connection, or use your own patch.
check_asn1(<<Byte, Bin/binary>>) when (Byte band 127) == 127 ->
asn1_long_tag(Bin, 1);
check_asn1(<<?BYTE(Size), _/binary>>) when Size < 127 ->
{Size + 1, 0};
check_asn1(<<?BYTE(128), _/binary>>) ->
{1, 0};
check_asn1(<<?BYTE(129), ?BYTE(Size), _/binary>>) ->
{Size+2, 0};
check_asn1(<<?BYTE(130), ?UINT16(Size), _/binary>>) ->
{Size+3, 0};
check_asn1(<<?BYTE(131), ?UINT24(Size), _/binary>>) ->
{Size+4, 0};
check_asn1(<<?BYTE(132), ?UINT32(Size), _/binary>>) ->
{Size+5, 0}.
asn1_long_tag(<<Byte, Bin/binary>>, N) when (Byte band 128) == 128 ->
asn1_long_tag(Bin, N+1);
asn1_long_tag(<<_, Bin/binary>>, N) ->
{BytesToRead, _} = check_asn1(Bin),
{BytesToRead+N, 0}.
/Jakob
Pablo Polvorin wrote:
> Hi,
> thanks for the patch!
> perhaps i had been doing something wrong, but i couldn't make your
> patch work for my.
> Immediately after upgrading a gen_tcp socket to ssl, I get this error
> {function_clause,
> [{ssl_connection,check_packet,[asn1,<<>>,0]..
>
> After fixing this adding a new case to check_packet(asn1,..), it still
> doesn't work, and returns data that is not an asn1-completed packet.
>
> Digging in the ber encoding documentation and
> asn1rt_ber_bin:decode_tag_and_length/1, each packet seems to looks
> like <<Tag,PacketLength,Packet>>, where the size of the Tag field
> isn't know, and the size of the PacketLength field could be anything
> between 1 and 128 bytes. Are you taking this into account?
>
> Here is my version of a patch(R12B-1) for this, its based in my
> previous code (and so depends on the asn1 application.. witch is
> somewhat awkward as the api for decode_tag_and_length/1 doesn't define
> what error it would throw when the tag or length field isn't
> complete).
>
> best regards, pablo.
>
>
>
> 2008/2/20, Jakob Cederlund <jakob@REDACTED>:
>
>> thisIt was very useful, thanks!
>> And here is a patch. It simply adds asn1 package support for the new ssl.
>> It should work with R12B-1, and probably fine with R12B.
>> Hope this helps!
>> /Jakob
>>
>>
>>
>> Pablo Polvorin wrote:
>> Thanks for the clarification!
>>
>> ...it isn't a patch, .. probably it isn't usefull to you. .
>> anyway, this is the code i'm using
>> http://ppolv.wordpress.com/2008/02/15/erlang-ssl-and-asn1/
>>
>> cheers
>> pablo
>>
>> 2008/2/15, Jakob Cederlund <jakob@REDACTED>:
>>
>>
>> Nope, not yet.
>> Currently, the new ssl (the one you get with {ssl_imp, new}) only
>> supports these packet-options: raw, 1, 2, 4, cdr and line. (Packaging is
>> handled by the function ssl_connection:check_packet/3.) The rest are
>> fairly easy to add, and we hope to do that in the next release. Patches
>> are welcome! :-)
>>
>> /Jakob
>>
>>
>> Pablo Polvorin wrote:
>> > Hi all,
>> > I'm using the new ssl module to "upgrade" a gen_tcp socket to ssl. But
>> > I couldn't find a way to easily receiving asn1 packets from it.
>> > My question is, it's possible to use the {packet,asn1} option when
>> > using the new ssl module?.
>> >
>> > ssl_connection.erl seems to not have any reference to that option.
>> >
>> > Finally I implemented the buffering and packet delimiting code in my
>> > application, but I wonder if there is an easy and early way to
>> > accomplish the same.
>> > regards,
>> >
>>
>>
>>
>>
>>
>>
>>
>>
>>
More information about the erlang-questions
mailing list